Internet Privacy Index – 2021

heatmap-internetprivacy_map

Internet usage is growing by the day. As usage grows, so does the amount of information shared. A lot of information is shared voluntarily. People create profiles for social media sites, join email lists and download white papers. With every interaction, data is voluntarily given.

Meanwhile, more aggressive marketing tactics like tracking website behavior is becoming all too popular. In an attempt to show customers relevant ads, companies monitor clicks, identify trends and create targeted ad campaigns. Companies using data for advertising purposes is one thing, but personal data is a goldmine for hackers. From email phishing scams to ransomware, there are a number of threats that make personal data like passwords, bank accounts and credit card numbers, vulnerable.

Internet privacy is one of the fastest growing concerns among online users.

  • Research shows that 68% of users are concerned about not knowing how their personal information is collected online and used. And concern is only growing. Forty-five percent of consumers are more worried about their online privacy than they were a year ago, according to TrustArc.

The state of internet privacy is an important topic, which is why we’ve created this guide to discuss privacy concerns, explore solutions and present an Internet Privacy Index that ranks the internet privacy of 100+ countries.

In this guide, we’ll cover:

  • Global use of the internet
  • Internet Privacy Index
  • Cybercrime legislation
  • Data privacy for consumers
  • Patchwork legislation makes data privacy difficult
  • Consumer efforts to protect customer data

Global use of the internet

To understand how vast online privacy concerns are, it’s important to explore global internet use. More than four million people have access to the internet as of 2019. While that may not sound like a lot, there are still four billion people in the world that aren’t connected.

  • In 2017, Norway had the highest internet usage rates with 96.5%. Its neighboring country Sweden a close second at 96.4%. The United States had 76% usage, with many of the rural areas in the nation without access.
  • The lowest usage rates were found in Africa. Central African Republic had just 4% internet use. Chad had 5% and South Sudan had 6.6%, according to Our World in Data.

Usage and wealth

Internet use statistics have a lot to do with broadband access and income. Broadband access is either non-existent or too expensive for many developing countries. The areas with the least amount of internet access are often areas where income levels are less than $10,000. When income rises above that amount, there is an increase in internet access and use.

  • However, internet usage is still growing the fastest in upper-middle income countries, growing at a rate of 6% annually. In low income countries, internet penetration is only up 2%, according to the Web Index.

Low income families are less likely to adopt technology due to the income barrier. Money is allocated for other essential needs rather than electronics, while high-income families not only adopt technology faster, but spend money on multiple devices.

  • Sixty-four percent of high-income homes have a smartphone, laptop, tablet and high speed broadband service, compared to just 18% of low-income homes with more than one device, according to Pew Research.

Internet privacy index

While there are still many without internet access, the exponential growth of internet use across the globe is moving quickly. Access will continue to improve, but so will privacy concerns.

Considering the number of global internet users, we wanted to know which countries worked the hardest to protect a user’s privacy. To find the answer, we collected data on a variety of topics that can affect internet privacy.

To find out which countries have the best internet privacy, we collected data on:

  • Press freedom
  • Data privacy laws
  • Democracy statistics
  • Freedom of opinion and expression
  • Cybercrime legislation worldwide

All of these factors were taken into consideration as we worked to figure out which countries prioritize internet privacy. As a result, we were able to rank 110 countries in order of internet privacy. A high privacy score means the country takes steps to protect information shared online. The higher the score, the more protected the information.

Internet privacy by country

As you can see from the map above, Norway offers the highest commitment to internet privacy with a score of 90.1. Australia follows in second place with a score of 89.1. In third place is Denmark at 87.4, fourth place is held by Sweden with a score of 85.2 and Finland holds the fifth spot with an internet privacy score of 83.6.

The country with the lowest score is China, with a score of 13.1. Uzbekistan follows in second place with a score of 15.0. Cambodia has the third lowest commitment to internet privacy with a score of 15.6, while Vietnam comes in fourth with a score of 17.3. Zimbabwe holds fifth place with an internet privacy score of 18.8.

The United States is in 18th place with a score of 68.6.

heatmap-internetprivacy_chart

Internet Privacy Ranking

RankCountryPrivacy Score
1Norway90.1
2Australia89.1
3Denmark87.4
4Sweden85.2
5Finland83.6
6Germany83.3
7Canada81.8
8New Zealand80.2
9Estonia77.6
10Portugal75.4
11France73.9
12United Kingdom73.2
13Netherlands73.1
14Chile72.8
15Spain72.3
16Czech Republic72.2
17Japan71.3
18United States68.6
19Austria67.4
20Belgium67.0
21Italy65.9
22Slovenia64.4
23Romania63.9
24Greece63.6
25Argentina63.0
26Costa Rica62.6
27South Africa61.0
28Uruguay60.8
29Brazil60.6
30Poland60.2
31Singapore60.1
32Hungary55.0
33Colombia54.3
34India53.1
35Malaysia52.9
36Jamaica52.4
37Botswana51.6
38Namibia49.8
39Ghana49.2
40Dominica48.8
41Mexico48.6
42Trinidad and Tobago48.5
43Mauritius47.6
44Hong Kong SAR, China46.9
45Tunisia46.9
46Morocco46.9
47Panama45.7
48Albania45.6
49Peru45.1
50Croatia44.7
51El Salvador43.7
52Suriname42.8
53Georgia42.4
54Senegal41.6
55Bosnia and Herzegovina41.5
56Indonesia39.9
57Kenya39.5
58Bulgaria38.7
59Sri Lanka38.7
60Malawi38.7
61Dominican Republic38.3
62Nepal38.3
63Burkina Faso37.7
64Guatemala37.5
65Mongolia37.4
66Ukraine37.1
67Guyana36.9
68Serbia36.3
69Liberia35.6
70Mali34.4
71Ecuador34.3
72Benin34.1
73Rwanda33.9
74Philippines33.6
75Jordan33.4
76Algeria32.6
77Thailand31.6
78Moldova31.2
79Nigeria30.6
80United Arab Emirates30.5
81Madagascar30.2
82Lebanon30.1
83Pakistan30.0
84Zambia29.5
85Sierra Leone28.9
86Guinea28.7
87Bolivia27.0
88Tanzania27.0
89Uganda26.2
90Cote d'Ivoire25.8
91Togo25.3
92Bangladesh25.1
93Angola24.4
94Honduras24.0
95Kazakhstan24.0
96Turkey23.3
97Nicaragua23.2
98Niger22.7
99Myanmar22.6
100Mozambique21.8
101Ethiopia21.7
102Cameroon21.4
103Afghanistan20.8
104Mauritania20.0
105Belarus19.5
106Zimbabwe18.8
107Vietnam17.3
108Cambodia15.6
109Uzbekistan15.0
110China13.1

How Norway achieved top honors for internet privacy

With an internet privacy score of 90.1, Norway offers the highest internet privacy in the world. Norway also has some of the highest internet usage rates and some of the highest broadband speeds available.

But, what does the country do to earn such high marks in data privacy? Here are several of the biggest measures taken by Norway to protect internet privacy:

Internet privacy regulations

Norway has some of the toughest internet privacy rules in the world. They have several pieces of legislation that protect the privacy of their citizens both physically and digitally.

  • The country set up the Norwegian Data Protection Authority, which is an independent public authority created with the purpose of protecting individual’s privacy.
  • To collect or process any personal data in Norway, consent must be given. Citizens are also given the right to be forgotten, which means they can decide if they want a company to delete their personal information from their database.
  • The country has even taken on Google, asking the internet giant to remove online content about several of citizens. In total, the country is fighting with Google to remove about 2,000 items from its searches, according to the Library of Congress.

Protection from foreign governments

Norway doesn’t allow foreign governments to “spy” on citizen data either. The country takes a strong stance on data protection, requiring any government to gain permission from a Norwegian court to gain access to private information.

Number of secure servers

Norway boasts some of the highest number of secure servers for citizens to utilize, which means data that’s being exchanged online is mostly encrypted.

Why China ranks the lowest for internet privacy

China has the lowest internet privacy score out of all 110 countries with a score of 13.1. 

Why is the country at the bottom of the rankings? There are several reasons, but here are a few:

Government surveillance

China is working to become the first country to create an algorithm to create profiles of every citizen. These profiles will help the government assign each person a “citizen score” based on their digital and physical behavior. Posting anti-government blogs, for example, or being caught via a street camera jaywalking can lower a citizen’s score. The lower the score, the less privileges the citizen receives. For example, a low score results in slow internet speed or puts a passport application at the bottom of the pile, explains The Atlantic.

Censorship

China doesn’t adhere to a free speech; the exact opposite actually. Information posted by citizens can be censored or blocked. Major offenses result in arrests.

  • In 2017, 128,000 site were blocked and 1900 people were arrested or punished by the Chinese government, which claims its actions are for the good of the people, according to AsiaNews.

Limited privacy laws

Until recently, China had few privacy laws in place. However, the country did implement a data privacy standard recently that sets regulations for consent and puts rules in place for how data is collected, stored and shared. Critics of this new legislation, however, point out that the new law fails to offer enforcement plans, according to the Center for Strategic & International Studies.

Cybercrime legislation

Internet privacy varies by country, but no matter where someone lives, privacy concerns can’t be handled without a little help from the government. Creating legislation that protects consumers from identity fraud, data breaches and credit card theft is one small piece of the internet privacy puzzle.

In an effort to stop or at least slow the progression of cybercrimes, many countries have enacted specific legislation aimed at hacker’s abilities.

  • Research shows 72% of countries across the world have strong cybercrime legislation compared to 18% of countries with none, according to the United Nations.

Most of the countries that don’t have cybercrime legislation are in Africa. In some cases, the countries without legislation are those with little to no internet access.

In the U.S., there are federal laws that protect against computer fraud, credit card theft, identify theft, economic espionage, violence and child pornography. The main legislation was written in 1984 and has been added to over the years.

Cybercrimes include many different crimes that can put a person’s privacy at risk. Here’s a look at the most prevalent cybercrimes and a description of each:

Phishing

Cybercriminals “go phishing” by sending a bunch of emails to people in hopes of tricking them into sharing information. It’s one of the oldest threats, but it is still prevalent because it’s cheap, requires little effort and targets something just about everyone has – an email account.

Ransomware

Hackers seize control of a computer or a network and refuse to return control until a sum of money is paid. Users are essentially locked out of the system until demands are met.

Cloud hacks

A growing number of people are storing information in the cloud, making it a prime target for hackers. Cybercriminals are constantly creating new ways to access cloud accounts and mine them for sensitive data.

Digital ad fraud

When fraudulent companies sell ads and generate fake results, it’s called digital ad fraud. The fraudulent company might place a real ad, but use bots to generate fake traffic and inflate response rates.

Password attack

Hackers attempt to learn passwords by reviewing public online profiles for clues. With passwords in hand, hackers can gain access to a variety of different accounts like banks, social media accounts and credit cards. If the same password is used for multiple accounts, hackers can do more extensive damage.

Data privacy for consumers

Internet privacy isn’t just about protection from hackers, it’s about controlling personal data used for marketing purposes. When a brand tracks which products a customer clicks on in an effort to advertise relevant products via digital ads, it’s also a privacy concern.  The issue centers around control.

Consumers seek control

Fifty-five percent of consumers are willing to share information with brands they trust to get certain perks, like special deals or VIP status, but 66% of consumers want the ability to “turn off” the company’s data use when they’re no longer interested in the product.

While consumers want more control, they realize that brands aren’t likely to give it. In lieu of control, consumers say there’s a need for legal protection against brands using data as it see fits. More specifically, consumers aren’t keen on the idea of their information being purchased or sold to other companies. Consumers provide their information to companies they trust, and say it’s a betrayal when that information is given out without their consent.

Consumers from 15 different countries were asked if they wanted laws to prohibit a company from buying and selling data without consent. The response was a resounding “Yes.”

Responsibility in question

It’s obvious that consumers want more protection, but they aren’t sure whose obligation it is. Should the government pass laws? Is it a brand’s responsibility to protect customer data? What responsibility do consumers have when it comes to protection?

Research shows consumers are taking some action. Seventy-one percent of consumers are using software to block ads, protect data privacy and control their online experience.

A small percent of people are turning to virtual private networks, or VPNs, for added security. A VPN is essentially a secure channel that allows users to move around the web safely. Many use a VPN for added security while browsing, but it also provides a way to access blocked content. If a government, for example, is blocking a certain website a VPN allows access.

While VPNs could drastically increase a person’s internet privacy, they aren’t very popular. Just 25% of internet visitors have used a VPN in the past month, according to research from GlobalWebIndex. It’s more popular in countries that censor material online, but even then its usage remains fairly low.

Implementing software as a protection tool or using a VPN are both good steps toward self-protection, but research suggests that consumers are more likely to do nothing at all.

Despite numerous headlines about data breaches and a steady stream of ads popping up in social feeds, almost half (46%) of all Americans have done nothing to protect their privacy. They haven’t adjusted security settings on online accounts, changed passwords or even paid closer attention to the amount of information they share.

Patchwork legislation makes data privacy difficult

Since people aren’t willing to do much to protect their data, some governments have stepped in.

One of the biggest challenges facing data privacy on a global level is the number of patchwork laws aimed at offering protection. When it comes to protecting consumer data as it pertains to marketing or advertising, the U.S. doesn’t have a federal law on the books.

The U.S. does have legislation that protects data in certain situations, like healthcare and financial records, but not one that addresses internet privacy as a whole.

Some states have passed their own data privacy laws. These laws, in addition to a European privacy law, currently have the most influence over companies. The patchwork of legislation is part of the problem. It’s inconsistent, doesn’t protect everyone, and in many cases, is difficult to enforce.

Here’s a quick look at the laws that shape a company’s marketing plans:

State laws

In the U.S., certain states have created their own data privacy laws.

  • Colorado, for example, passed legislation in 2018 that forces businesses to take reasonable security measures when it comes to personal information.
  • Massachusetts requires every business that owns or licenses personal information to implement written information security programs, or WISP, for short.
  • Vermont recently passed legislation that targets companies that collect and sell personal information.
  • California will implement a GDPR-like law in 2020 that gives consumers the right to request a record of what types of data a company maintains about them and how it’s being used.
  • New York has drafted similar legislation that requires a company to give consumers a copy of the information kept on file.

GDPR

A European data privacy law enacted last year got a lot of attention. The General Data Protection Regulation, or GDPR, went into effect in 2018 and regulates how companies collect, store and use consumer information. While the legislation effects EU residents only, many businesses were forced to change their marketing tactics to comply since they market to customers all over the world.

It forces companies to get consent to collect and use data, gives consumers the ‘right to be forgotten’ by a company when they say so, requires a company to explain exactly how they will use a customer’s information, and forces companies to tell customers about any hacks or data breaches quickly.

Many see the GDPR as the first comprehensive data protection law to go into effect. As a result, many experts say similar legislation will follow suit in the other parts of the world. To stay ahead, many companies are changing their tactics to ensure compliance.

Company efforts to protect consumer data

To safeguard personal data requires a commitment on multiple fronts. Laws will help, but every company that collects customer information should do their part too. Many companies have beefed up their online security efforts in an attempt to protect data that customers trust them with.

Some safeguards include:

Encryption practices

A company must encrypt its data. Essentially, encryption disguises data so it can only be read by someone with a virtual key. Encryption makes data useless to hackers (since they don’t have the key), but constant encryption updates are required to stay ahead of hackers.

Limited data access

Companies are limiting the number of people that handle customer data. Fewer people with access to the data lowers the chances of leaks and hacks.

Strategic data collection

To advertise to customers, it’s not uncommon to think a company wants to know all they can about its customers. But in the age of data privacy, more companies are focusing on collecting data that makes a difference. In other words, companies are only asking for data that’s necessary.

Inform customers about your privacy policy

As part of your security efforts, make sure customers know what measures you take to protect their information. However, presenting it to customers is a bit tricky. Research shows customers are very unlikely to read long contracts. For example, if a privacy policy is lumped in with the terms of service contract, less than 1 in 1,000 people will read it, according to research conducted by NYU School of Law. Instead, companies should create a page for it on their website that highlights the key points.

Summary

The issue of internet privacy is a multifaceted concern. People are concerned about companies using their data and hackers stealing their data. Protection is needed, but the best way to implement safeguards hasn’t been identified yet.

A global solution is difficult, especially considering internet privacy varies by country. The Internet Privacy Index shows how seriously privacy concerns are taken in countries all over the world. Norway, which holds the highest privacy score, can serve as an example for other countries looking to improve internet privacy. And yet, more work is required as comprehensive internet privacy plans evolve.

Methodology

A composite score between 0 and 100 was created based on the weighted sum of the variables listed below. Only those countries that had data for all of the selected variables were included in calculations.

  1. Press freedom
  2. Existence of data privacy laws
  3. Democracy Index
  4. Freedom of opinion and expression is effectively guaranteed
  5. Freedom from arbitrary interference with privacy is effectively guaranteed
  6. The government does not expropriate without lawful process and adequate compensation
  7. Cybercrime Legislation Worldwide

Alex Grant